
ESA-2016-039: EMC ViPR SRM Multiple Cross-Site Request Forgery Vulnerabilities




CVE Identifier: CVE-2016-0891

EMC Identifier: ESA-2016-039

Severity Rating: CVSS Base Score 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Affected products: 
EMC ViPR SRM versions prior to 3.7

Summary: 
EMC ViPR SRM contains fixes for Cross-Site Request Forgery vulnerabilities that may potentially be exploited by malicious users to compromise the affected system.

Details:
EMC ViPR SRM is affected by multiple cross-site request forgery vulnerabilities in certain administrative pages of the application. Attackers may potentially exploit these vulnerabilities to execute unauthorized requests on behalf of authenticated administrative users of the application.

Resolution:
The following EMC ViPR SRM release contains resolutions to these vulnerabilities:

EMC ViPR SRM version 3.7 or later

EMC recommends all customers upgrade at the earliest opportunity.

Link To Remedies:	
Registered EMC Online Support customers can download patches and software from support.emc.com at: https://support.emc.com/downloads/34247_ViPR-SRM.

Credits:
EMC would like to thank Han Sahin of Securify B.V. (han.sahin@xxxxxxxxxxx) for reporting these vulnerabilities.

EMC Product Security Response Center
security_alert@xxxxxxx